Use the following steps to limit access to the entire site for a set of selected IP addresses:

1. Open the .htaccess file in the root folder of your WordPress installation. You will see some code similar to the following:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /cookbook1/
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /cookbook1/index.php [L]
</IfModule>
# END WordPress

2. Add the following code to the top of the file, before the # BEGIN WordPress line. You should replace the IP in the code with your own IP address:

order deny,allow
deny from all
allow from 112.135.233.147

3. Save the changes to the file. You can add more IPs by duplicating the following line for each IP:

allow from 112.145.233.142

4. Visit the frontend or backend of the site. You will see the requested content as usual.
5. Change the IP in the code in step 2 and add a different IP not used by you.
6. Visit the frontend or backend of the site again.
7. Now, you will get a message similar to the following on a white screen without the actual content of the site:

Forbidden
You don’t have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Since you are accessing the site through an IP not allowed in the .htaccess file, you won't be able to get access to any part of the site.

Sometimes we want to limit access to the entire site for certain IPs. However, in normal circumstances, we only need to protect the backend of the site by limiting the backend features to certain IPs. Use the following steps to restrict the backend to selected IP addresses and allow frontend access to anyone:

1. Remove the rules added in the first part of this recipe and save the .htaccess file.
2. Download or create a copy of the .htaccess file in your root folder.
3. Open the copied file in the code editor.
4. Replace the existing content with the following content:

order deny,allow
deny from all
allow from 112.145.233.142

5. Save the changes.
6. Upload the file to the wp-admin folder of your WordPress installation.
7. Access both the frontend and backend of your site.

Now, you will be able to access both the frontend and backend of the site as long as your IP is in the list of allowed IPs. If your IP is not in the allowed list, you will only have access to the frontend of the site. You will get a Forbidden error when trying to access the backend of the site.